Webshell

Sep 12, 2021  ·  15 min read

HackTheBox - Gobox

SSTI in Golang, abuse S3 bucket, and NGINX backdoor

Linux · S3 · AWS · LocalStack · Go · SSTI

Aug 07, 2021  ·  10 min read

HackTheBox - TheNotebook

Abusing JWT key identifier and breaking out of a Docker container

Linux · JWT · Webshell · CVE-2019-5736 · Docker · Sudo

Jun 26, 2021  ·  10 min read

HackTheBox - Spectra

Getting password from automatic login script of ChromeOS

Linux · Chrome-OS · WordPress · Directory-Listing · Webshell · Password-Reuse

May 07, 2021  ·  9 min read

HackTheBox - Passage

Leveraging USBCreator for local privilege escalation on Linux

Linux · CVE-2019-11447 · Webshell · SSH-Key-Reuse · Password-Cracking · USBCreator

Apr 24, 2021  ·  14 min read

HackTheBox - Bucket

Pentesting against simulated AWS S3 Bucket

Linux · AWS · LocalStack · S3 · DynamoDB · Webshell

Jan 30, 2021  ·  12 min read

HackTheBox - Worker

Learn how Azure Pipelines can be abused

Windows · Svn · Webshell · Azure-DevOps · Azure-Pipelines · Evil-Winrm

Nov 28, 2020  ·  10 min read

HackTheBox - SneakyMailer

Example of a phishing attack and PyPI package exploitation

Linux · SMTP · IMAP · Sylpheed · Phishing · Webshell

Nov 21, 2020  ·  8 min read

HackTheBox - Buff

Tunneling with Chisel to deliver a buffer overflow exploit

Windows · Webshell · CloudMe · Buffer-Overflow · Tunneling · Chisel

May 01, 2020  ·  6 min read

HackTheBox - Magic

SQLi for login bypass and embed webshell to an image file

Linux · SQL-Injection · Exiftool · Upload-Bypass · Webshell · SUID

May 01, 2020  ·  6 min read

HackTheBox - OpenAdmin

Exploiting OpenNetAdmin vulnerability and sudo nano

Linux · Code-Review · Webshell · Password-Cracking · Sudo · GTFOBins